package com.kime.shiro.base;

import com.kime.shiro.base.realm.CustomerMD5Realm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;

import java.util.Arrays;

/**
 * Created with IntelliJ IDEA.
 *
 * @Auther: JiangYi
 * @Date: 2022-03-13 18:52:25
 * @Description: 使用 MD5 + Salt + Hash 加密后的自定义 Realm 认证
 */
public class TestCustomerMD5RealmAuthenticator {
    public static void main(String[] args) {
        // 创建安全管理器
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        // 设置自定义 Realm
        CustomerMD5Realm realm = new CustomerMD5Realm();
        // 设置 Realm 使用 Hash 凭证器，自动匹配 Salt
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // MD5 加密算法
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        // Hash 散列 1024 次
        hashedCredentialsMatcher.setHashIterations(1024);
        // Realm 注入 Hash 凭证器
        realm.setCredentialsMatcher(hashedCredentialsMatcher);
        // 注入 Realm
        securityManager.setRealm(realm);
        // 将安全工具类设置安全管理器
        SecurityUtils.setSecurityManager(securityManager);
        // 通过安全工具类获取 subject
        Subject subject = SecurityUtils.getSubject();
        // 创建 token
        UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123");
        try {
            System.out.println("认证状态: " + subject.isAuthenticated());
            subject.login(token);
            System.out.println("认证状态: " + subject.isAuthenticated());
        } catch (UnknownAccountException e) {
            e.printStackTrace();
            System.out.println("认证失败: 用户名不存在～ ");
        } catch (IncorrectCredentialsException e) {
            e.printStackTrace();
            System.out.println("认证失败: 密码错误～");
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("认证失败: 其它异常～");
        }

        // 认证用户进行授权
        if (subject.isAuthenticated()) {
            // 基于角色权限控制
            System.out.println(subject.hasRole("admin"));

            // 基于多角色权限控制
            System.out.println(subject.hasAllRoles(Arrays.asList("admin", "user")));

            // 基于多角色是否具有其中一个角色
            boolean[] hasRoles = subject.hasRoles(Arrays.asList("admin", "user", "super"));
            for (boolean hasRole : hasRoles) {
                System.out.println(hasRole);
            }

            System.out.println("============================");
            // 基于权限字符串的访问控制  资源标识符:操作:资源实例标识符/资源类型
            System.out.println("权限: " + subject.isPermitted("user:*:01"));
            System.out.println("权限: " + subject.isPermitted("user:update:01"));
            System.out.println("权限: " + subject.isPermitted("product:create"));
            System.out.println("权限: " + subject.isPermitted("product:update"));
            System.out.println("权限: " + subject.isPermitted("product:create:02"));

            // 分别具有哪些权限
            boolean[] permitteds = subject.isPermitted("user:*:01", "order:*:10");
            for (boolean permitted : permitteds) {
                System.out.println(permitted);
            }

            // 同时具有哪些权限
            boolean permittedAll = subject.isPermittedAll("user:*:01", "product:*");
            System.out.println(permittedAll);
        }

    }
}
